ClientCertAuth Rule

Identified by type="ClientCertAuth", this rule enables TLS/SSL client certificate authentication for back-channel SOAP communication to the SP.

Attributes

Name

Type

Default

Description

Name

Type

Default

Description

errorFatal 

boolean

false

If true, failure to validate a supplied certificate is fatal during message processing. This is distinct from cases where a certificate isn't present.

Example

<PolicyRule type="ClientCertAuth" errorFatal="true"/>